Android may be the world’s top mobile operating system but its premier app market, the Google Play Store, seems to have a serious problem with popular applications being ripped off and sometimes repurposed as malware, a recently reported study suggests. Completed over the course of two years by The University of Sydney and the Australian science research agency Commonwealth Scientific and Industrial Research Organisation (CSIRO), the research could potentially hold the key to solving the problem too.
By the numbers, the research consisted of an examination of approximately 1.2 million applications on the market and found that — using “conservative” assumptions — around 49,608 bore close similarities to the top 10,000 applications on the Play Store. That means that around 50,000 of the 1.2 million apps, based on app icons, titles, and similar metrics, could easily have been direct counterfeits of those top apps.
Of those, 2,040 were found to contain malware, while a further 1,565 requested no fewer than five plausibly dangerous permissions beyond what their functionality required and 1,407 used suspect third-party ad libraries. The latter is a type of problem that has been relatively common and recurrent on the Play Store. As many as 7,200 apps, or roughly 15-percent, were flagged as potentially problematic.
The study also points to a possible partial solution
Since completion of the study, as many as 35-percent of the problem apps and potential problem apps are no longer available in the Google Play Store. That’s a testament to the changes Google has made over the past couple of years in terms of both policies and the enforcement of those policies.
In particular, the search giant has pushed to make its policies more enforceable in the first place, and to crack down on applications that inappropriately use permissions. A significant part of that endeavor has centered on Google Play Protect, which actively scans the apps installed on a device looking for problems.
That’s been mostly successful, but the study in question was not actually intended only to search out the bad apps themselves. Instead, it was a test of a novel approach using “content embeddings and style embeddings generated from pre-trained convolutional neural networks” — AI — to determine whether those can be used to find malicious software.
The AI used in the study looks at aspects of applications that Google’s own scanning may not consider: namely, whether, and where, a malicious app developer is likely to copy the apps, games, style, and design language of Android applications that are already popular.
By measuring how closely an app copies those attributes of popular software, the AI narrows down the apps that are likely to be both malicious — or just badly coded — and downloaded by accident.
Staying malware-free
The number of apps that the researchers found to be potentially dangerous equates to just over 4-percent of the 1.2 million applications considered over the course of the study. The Google Play Store, according to widespread estimates from analytics firms, currently hosts just over double that number of apps, meaning that the number of threats could be double as well.
The study shows that the most popular apps seem to attract the most attention from would-be bad actors. Specifically, games appear to be the most replicated and problematic, with apps such as Temple Run, Free Flow, and Hill Climb Racing copied more often than others during the period under consideration.
Almost nothing prevents apps from using nearly identical titles or icons either. So whether or not an app looks similar to the official one is not an indicator of how safe it is, and users should also check the listed developer against the known developer of the official app.
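To make the study’s triage concrete, here is an added example (not code from the researchers or from Google) that combines the three signals discussed above: similarity of an app’s icon embedding or title to a top app, a developer that differs from the official one, and five or more dangerous permissions beyond what the genuine app needs. The reference set, the tiny hand-made “embeddings” standing in for the CNN outputs, the permission lists and the sample listings are all constructed for illustration.

```python
import math
from difflib import SequenceMatcher

# Constructed reference set of top apps: title -> (official developer, icon embedding,
#   dangerous permissions the genuine app legitimately needs). Embeddings are tiny
#   hand-made vectors standing in for the CNN content/style embeddings in the study.
TOP_APPS = {
    "Temple Run": ("Imangi Studios", [0.9, 0.1, 0.4], {"ACCESS_FINE_LOCATION"}),
    "Hill Climb Racing": ("Fingersoft", [0.2, 0.8, 0.5], set()),
}
# Constructed subset of Android's dangerous-permission group used for the excess count
DANGEROUS = {"READ_SMS", "SEND_SMS", "READ_CONTACTS", "RECORD_AUDIO",
             "ACCESS_FINE_LOCATION", "CALL_PHONE", "READ_CALL_LOG"}

def cosine(a, b):
    """Cosine similarity between two embedding vectors (1.0 = identical direction)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm

def title_similarity(a, b):
    """Case-insensitive string similarity in [0, 1] for app titles."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def triage(app, icon_threshold=0.95, title_threshold=0.8, extra_perm_limit=5):
    """Return a dict of reasons an app deserves review, or None if nothing stands out."""
    for name, (developer, embedding, baseline) in TOP_APPS.items():
        looks_alike = (cosine(app["icon"], embedding) >= icon_threshold
                       or title_similarity(app["title"], name) >= title_threshold)
        # A lookalike from the official developer is the genuine listing, not a counterfeit.
        if not looks_alike or app["developer"] == developer:
            continue
        reasons = ["resembles top app %r but is published by %r" % (name, app["developer"])]
        extra = (set(app["permissions"]) & DANGEROUS) - baseline
        if len(extra) >= extra_perm_limit:   # the study's "five or more" criterion
            reasons.append("%d dangerous permissions beyond the genuine app's needs" % len(extra))
        return {"matches": name, "reasons": reasons}
    return None

# Constructed sample listings
GENUINE = {"title": "Temple Run", "developer": "Imangi Studios",
           "icon": [0.9, 0.1, 0.4], "permissions": ["ACCESS_FINE_LOCATION"]}
COUNTERFEIT = {"title": "Temple Run 2 Free", "developer": "Unknown Dev",
               "icon": [0.88, 0.12, 0.41], "permissions": sorted(DANGEROUS)}
UNRELATED = {"title": "Calculator", "developer": "Someone Else",
             "icon": [0.1, 0.1, 0.9], "permissions": []}

if __name__ == "__main__":
    print(triage(COUNTERFEIT))
```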
While improvements have been made, as noted above, at least one takeaway from the study is that users need to be vigilant when downloading apps for their mobile devices, even when downloading from the official Google Play Store.